CVE-2021-22035

VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.
References
Configurations

Configuration 1

cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:*:*:*:*:*:*:*:*

Information

Published : 2021-10-13 04:15

Updated : 2021-10-20 01:25


NVD link : CVE-2021-22035

Mitre link : CVE-2021-22035

Products Affected
No products.
CWE